Authenticate external app with ucs ldap


#1

I’m trying to authenticate Atlassian Jira through UCS.
I can get the app to connect to the ldap with the following settings:

Hostname: server IP
port: my port
username: CN=administrator,CN=users,DC=mydomain,DC=com
password: adminpassword

LDAP schema: DC=mydomain, DC=com

Where it gets tricky is the schema settings:

User Object Class: entered user
The LDAP user object class type to use when loading users.

User Object Filter: (objectclass=user)
The filter to use when searching user objects.

User Name Attribute: uid
The attribute field to use on the user object. Examples: cn, sAMAccountName.

User Name RDN Attribute: cn
The RDN to use when loading the user username. Example: cn.

User First Name Attribute: givenName
The attribute field to use when loading the user first name.

User Last Name Attribute: sn
The attribute field to use when loading the user last name.

User Display Name Attribute: displayName
The attribute field to use when loading the user full name.

User Email Attribute: mail
The attribute field to use when loading the user email.

User Password Attribute: userPassword
The attribute field to use when manipulating a user password.

User Password Encryption: md5
Choose the encryption algorithm used for passwords on your directory.

User Unique ID Attribute: gidNumber
The attribute field to use for tracking user identity across user renames.

Here’s a univention-ldapsearch uid=user

extended LDIF

LDAPv3

base <dc=360-innovations,dc=com> (default) with scope subtree

filter: uid=myuser

requesting: ALL

myuser, users, mydomain.com

dn: uid=myuser,cn=users,dc=mydomain,dc=com
uid: jmfrappier
krb5PrincipalName: myuser@MYDOMAIN.COM
uidNumber: 2010
sambaAcctFlags: [U ]
sambaPasswordHistory: 0AF1F39FE9FFA01269C9A1C7BFB5
F7521E90
krb5MaxLife: 86400
shadowLastChange: 16808
cn: My User
univentionBirthday:
userPassword:: e2NyeXB0fSQ2JEZaUdDWXZxLmZ5Vm5SQkJRT2Jh
cE9CZ2RYVTE=
krb5Key:: MFehKzApoAMCARKhIgQgWPhcHBpZXI=
krb5Key:: MEehGzAZoAMCARGhEgQQKwllcg==
krb5Key:: ME+hIzAhoAMCARChGgZyYXBwaWVy
krb5Key:: MEehGzAZoAMCARgAwIBA6EfBB0zNjAtSU5O
T1ZBVcGllcg==
krb5Key:: MD+hEzARoAMCBpZXI=
krb5Key:: MD+hEzARoAMCAQ
krb5Key:: MD+hEzARoAMCAQGhCgQIwR8+
sambaMungedDial: bQAgACAAIAAgACAAIAA
krb5MaxRenew: 604800
krb5KeyVersionNumber: 1
loginShell: /bin/bash
univentionObjectType: users/user
krb5KDCFlags: 126
sambaPwdLastSet: 1452283076
sambaNTPassword: 71DE85E510ABCCB90265808213EF573A
displayName: My User
o: MyDomain
gecos: My User
sn: User
pwhistory: $6$lt98W6j7vqi.VmGs$rC
homeDirectory: /home/myuser
givenName: My
gidNumber: 5001
sambaPrimaryGroupSID: S-1-5-21-15947…
sambaSID: S-1-5-21-15947087…
univentionPasswordSelfServiceEmail: myuser@MYDOMAIN.COM
univentionUMCProperty: appcenterSeen=true
univentionUMCProperty: favorites=appcenter:appcenter,updater,udm:users/user,ud
m:groups/group,udm:computers/computer,apps:mailserver,apps:self-service,apps:
fetchmail
univentionFetchmailProtocol: IMAP
objectClass: krb5KDCEntry
objectClass: univentionPerson
objectClass: posixAccount
objectClass: person
objectClass: top
objectClass: inetOrgPerson
objectClass: sambaSamAccount
objectClass: organizationalPerson
objectClass: univentionPWHistory
objectClass: univentionMail
objectClass: univentionSAMLEnabled
objectClass: shadowAccount
objectClass: krb5Principal
objectClass: univentionPasswordSelfService
objectClass: univentionObject
objectClass: univentionFetchmail

Thanks


#2

Hi,

which port was used?
Uppercase in the “username” (is this the Bind-DN?) looks like AD-style LDAP. You have quoted univention-ldapsearch. Please compare the differences with the result of “univention-s4search cn=user” in case Samba 4 is installed.

Best Regards,
Dirk Ahrnke


#3

Installed Apache Directory Studio and was able to get the correct info from the domain.
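
The schema settings from post #1 can also be checked offline against an LDIF export before they are entered in Jira. The following is an added example, not code from the thread, Univention or Atlassian: `parse_ldif`, `check_mapping` and the `JIRA` dict are hypothetical names, and the LDIF is a constructed sample modelled on the quoted entry with a second made-up user.

```python
import re

# Constructed sample modelled on post #1 (credentials omitted); second user is hypothetical.
SAMPLE_LDIF = """\
dn: uid=myuser,cn=users,dc=mydomain,dc=com
uid: myuser
cn: My User
uidNumber: 2010
gidNumber: 5001
objectClass: posixAccount
objectClass: inetOrgPerson
univentionUMCProperty: favorites=appcenter:appcenter,updater,ud
 m:groups/group

dn: uid=other,cn=users,dc=mydomain,dc=com
uid: other
cn: Other User
uidNumber: 2011
gidNumber: 5001
objectClass: inetOrgPerson
"""

# Values typed into the Jira form in post #1.
JIRA = {"object_class": "user", "filter": "(objectclass=user)",
        "username": "uid", "rdn": "cn", "unique_id": "gidNumber"}

def parse_ldif(text):  # -> one {lowercased attribute: [values]} per entry
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in re.sub(r"\n ", "", block).splitlines():  # undo line folding
            name, _, value = line.partition(":")
            entry.setdefault(name.lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def check_mapping(entries, cfg):  # -> list of mismatch descriptions
    problems = []
    classes = {c.lower() for e in entries for c in e.get("objectclass", [])}
    wanted = {cfg["object_class"].lower(),
              *re.findall(r"objectclass=([\w-]+)", cfg["filter"].lower())}
    problems += [f"objectClass '{c}' matches no entry" for c in sorted(wanted - classes)]
    for key in ("username", "rdn", "unique_id"):
        if any(cfg[key].lower() not in e for e in entries):
            problems.append(f"attribute '{cfg[key]}' missing from an entry")
    ids = [v for e in entries for v in e.get(cfg["unique_id"].lower(), [])]
    if len(ids) != len(set(ids)):
        problems.append(f"'{cfg['unique_id']}' is not unique per user")
    return problems
```

Calling `check_mapping(parse_ldif(SAMPLE_LDIF), JIRA)` on the sample reports that no entry carries objectClass `user` and that `gidNumber` repeats across users.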